Engine Yard Developer Center

Engine Yard Release Notes - January 2015

The updates described are either important (where you need to take action) or of interest (you might want to know about these changes but you don't need to do anything).

Hotfix: Engine Yard Gentoo 2009 stack upgrade

January 30th, 2015

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 2009" stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v2.png

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Upgrades glibc to resolve CVE-2015-0235

    Note:  For this to take effect, you will need to restart processes that are still using the old version. The easiest way is to reboot your instances, if you can handle a short period of downtime. Please follow the instructions here to complete the changes:
    • Wait for Upgrade to complete
    • Schedule a time where a short duration of downtime can be tolerated
    • Edit environment and change the Takeover Preference to Disabled
    • Save the environment change, then click Apply.
    • Wait for Apply to complete.
    • Log into each instance and reboot simultaneously: sudo shutdown -r now
    • Wait for the instances to reboot and confirm your app is working
    • If there are any issues after the reboot, click Apply and re-deploy your app
    • Open a support ticket if you need further assistance
    • Finally, edit the environment to restore your Takeover Preference to its previous value, save, then click Apply.

    If you are sensitive to downtime, you can manually restart the processes listed in /tmp/processes_using_deleted_libraries on each instance, but this is only recommended if you are very familiar with Gentoo Linux. We are working on a way to do this through the dashboard, which should be ready next week.

    As always, we recommend applying these changes to a staging environment first to ensure there are no adverse impacts to your application before applying them to your production environment.

For more information on Engine Yard Gentoo 2009, see the Engine Yard Gentoo 2009 docs.

 

Hotfix: Engine Yard Gentoo 12.11 stack upgrade

January 30th, 2015

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v4.png

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Upgrades glibc to resolve CVE-2015-0235

    Note:  For this to take effect, you will need to restart processes that are still using the old version. The easiest way is to reboot your instances, if you can handle a short period of downtime. Please follow the instructions here to complete the changes:
    • Wait for Upgrade to complete
    • Schedule a time where a short duration of downtime can be tolerated
    • Edit environment and change the Takeover Preference to Disabled
    • Save the environment change, then click Apply.
    • Wait for Apply to complete.
    • Log into each instance and reboot simultaneously: sudo shutdown -r now
    • Wait for the instances to reboot and confirm your app is working
    • If there are any issues after the reboot, click Apply and re-deploy your app
    • Open a support ticket if you need further assistance
    • Finally, edit the environment to restore your Takeover Preference to its previous value, save, then click Apply.

    If you are sensitive to downtime, you can manually restart the processes listed in /tmp/processes_using_deleted_libraries on each instance, but this is only recommended if you are very familiar with Gentoo Linux. We are working on a way to do this through the dashboard, which should be ready next week.

    As always, we recommend applying these changes to a staging environment first to ensure there are no adverse impacts to your application before applying them to your production environment.
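The glibc notes above say the upgrade only takes effect once processes still using the old library are restarted. The following is an added example, not Engine Yard's tooling and independent of the /tmp/processes_using_deleted_libraries file (whose format this page does not describe): it finds such processes by scanning /proc/<pid>/maps for library mappings marked "(deleted)". The function names, the default pattern and the sample tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: list processes that still map a deleted (replaced) library.
# Usage: stale_lib_procs [path-regex] [proc-root]   (both optional)
stale_lib_procs() {
    pattern=${1:-'/libc[-.]'}   # default matches glibc's libc, not libcrypto etc.
    proc_root=${2:-/proc}       # overridable so the logic can be tested offline
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid_dir=${maps%/maps}
        # maps fields: address perms offset dev inode pathname ["(deleted)"].
        # The kernel appends "(deleted)" once the mapped file is replaced on disk.
        # If maps cannot be read (not root, or the process exited), skip it.
        stale=$(awk -v pat="$pattern" \
            '$NF == "(deleted)" && $6 ~ pat { print $6; exit }' \
            "$maps" 2>/dev/null) || continue
        [ -n "$stale" ] || continue
        name=$(cat "$pid_dir/comm" 2>/dev/null) || name='?'
        printf '%s\t%s\t%s\n' "${pid_dir##*/}" "$name" "$stale"
    done
    return 0
}

# Constructed sample: a fake procfs tree. PID 101 still maps the old libc;
# PID 202 maps the current libc plus a deleted, unrelated library.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir "$root/101" "$root/202"
    echo unicorn > "$root/101/comm"
    echo nginx > "$root/202/comm"
    cat > "$root/101/maps" <<'EOF'
00400000-00401000 r-xp 00000000 08:01 5001 /usr/bin/ruby
7f3a10000000-7f3a101b0000 r-xp 00000000 08:01 7001 /lib64/libc.so.6 (deleted)
7f3a10400000-7f3a10600000 r-xp 00000000 08:01 7002 /usr/lib64/libcrypto.so.1.0.0
EOF
    cat > "$root/202/maps" <<'EOF'
00400000-004a0000 r-xp 00000000 08:01 5002 /usr/sbin/nginx
7f9b20000000-7f9b201b0000 r-xp 00000000 08:01 7100 /lib64/libc.so.6
7f9b20400000-7f9b20600000 r-xp 00000000 08:01 7002 /usr/lib64/libcrypto.so.1.0.0 (deleted)
EOF
    echo "$root"
}

# Demo on the constructed tree; on a real instance run `stale_lib_procs` as root.
sample=$(make_sample_proc)
stale_lib_procs '/libc[-.]' "$sample"
rm -rf "$sample"
```

An empty result after the restarts or reboot means no running process is still holding the replaced library.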

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

Minor: Engine Yard Gentoo 2009 stack upgrade

January 30th, 2015

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 2009 environment.

Note: For clarity, since we now have 2 GA stacks, we refer to this stack as the "Engine Yard Gentoo 2009" stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v2.png

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Improves PostgreSQL database importer script (and renames it from load_foreign_postgres_db.sh to load_postgres_db.sh). Run it with -h for usage instructions.
  • Fixes incomplete resolv.conf search entry that is sometimes received from the upstream DHCP server.
  • Allows customization of Unicorn timeout by adding "export UNICORN_TIMEOUT=time-in-seconds" to /data/app_name/shared/config/env.custom

    Note: You will need to increase nginx timeouts if you want to exceed two minutes.  You can use custom chef to alter /etc/nginx/common/proxy.conf (and restart nginx):

proxy_send_timeout <time-in-seconds>s;
proxy_read_timeout <time-in-seconds>s;
proxy_connect_timeout <time-in-seconds>s;

  • Upgrades NTP version to fix multiple vulnerabilities, and tightens configuration to mitigate any future vulnerabilities
  • Fixes regression on dump-style backup retention for similarly named databases (this was originally fixed on Aug 13, 2014, but unintentionally reverted Sept 4, 2014)

 For more information on Engine Yard Gentoo 2009, see the Engine Yard Gentoo 2009 docs.

 

Minor: Engine Yard Gentoo 12.11 stack upgrade

January 30th, 2015

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 2009 environment.

Note: For clarity, since we now have 2 GA stacks, we refer to this stack as the "Engine Yard Gentoo 12.11" stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v4.png 

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Improves PostgreSQL database importer script (and renames it from load_foreign_postgres_db.sh to load_postgres_db.sh). Run it with -h for usage instructions.
  • Fixes incomplete resolv.conf search entry that is sometimes received from the upstream DHCP server.
  • Allows customization of Unicorn timeout by adding "export UNICORN_TIMEOUT=time-in-seconds" to /data/app_name/shared/config/env.custom

    Note: You will need to increase nginx timeouts if you want to exceed two minutes.  You can use custom chef to alter /etc/nginx/common/proxy.conf (and restart nginx):

proxy_send_timeout <time-in-seconds>s;
proxy_read_timeout <time-in-seconds>s;
proxy_connect_timeout <time-in-seconds>s;

  • Upgrades NTP version to fix multiple vulnerabilities, and tightens configuration to mitigate any future vulnerabilities
  • Fixes regression on dump-style backup retention for similarly named databases (this was originally fixed on Aug 13, 2014, but unintentionally reverted Sept 4, 2014)
  • Ensures the same Node.js version that is explicitly stated for Node.js apps is set as the system default Node.js version (In cases where multiple apps are present and use different versions, the system version will be the highest version that satisfies the majority of apps)

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

 

Hotfix: Engine Yard Gentoo 2009 stack upgrade

January 21st, 2015

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 2009" stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v2.png

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Restarts ntp if stale remote sources are detected to prevent clock drift
  • Upgrades libyaml to resolve CVE-2014-9130

    Note: Clicking the Upgrade button does not mean that all processes using the libyaml library are automatically upgraded, too. If you are running any Ruby apps or background workers, you need to redeploy or manually restart them to pick up the updated libyaml library.

For more information on Engine Yard Gentoo 2009, see the Engine Yard Gentoo 2009 docs.

 

Hotfix: Engine Yard Gentoo 12.11 stack upgrade

January 21st, 2015

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v4.png

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Restarts ntp if stale remote sources are detected to prevent clock drift
  • Upgrades libyaml to resolve CVE-2014-9130

    Note: Clicking the Upgrade button does not mean that all processes using the libyaml library are automatically upgraded, too. If you are running any Ruby apps or background workers, you need to redeploy or manually restart them to pick up the updated libyaml library.

  • Upgrades PHP to v5.4.36 to resolve the NULL pointer dereference bug

    Note: You will need to re-deploy your PHP app after clicking the Upgrade button and waiting for the upgrade to finish in order for your running PHP app to start using the new version.

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.


If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.


Comments

  • Dennis Bell

    January 30th Release now available.  This contains an important HOTFIX for CVE-2015-0235, as well as some other important updates.
